Device controller and method to forensically secure electronic data storage device

ABSTRACT

A device controller and method to forensically secure a storage device. A device controller, interfaced between a processing device and a storage device, includes a processor and computer memory having stored therein a maintenance list including a maintenance routine. In response to a forensic mode request from the processing device, the processor transitions the device controller to a forensic mode that disables execution of the maintenance routine and any write requests involving the storage device. In response to a subsequent forensic mode request, the processor returns the device controller to a free mode. Transitioning and/or returning can be conditioned on authentication of any one or more forensic mode requests.

RELATED DOCUMENTS

This document is related to, claims the priority benefit of, and incorporates by reference in its entirety, U.S. Provisional Patent Application Ser. No. 62/181,591, entitled “Device Controller and System with Sector Level Security,” and filed on Jun. 18, 2015 by John Edward Benkert and Tony Edward Fessel.

FIELD OF THE INVENTION

The present invention relates to device controllers, and more specifically, to data security and coherency.

BACKGROUND OF THE INVENTION

A device controller can interface between a computer processing device and one or more electronic data storage devices. A computer processing device, such as a computer, can issue memory read and write requests to such a device controller, which can effectuate the requests by facilitating the reading from and writing to the one or more memory devices.

A device controller can execute data maintenance routines on such storage devices, such as hard drives, solid state memory devices, etc. Such maintenance routines can include garbage collection routines, as well as deleting, moving, and otherwise changing data, including temporary data, stored on memory devices.

SUMMARY OF THE INVENTION

It is an object of the present invention to forensically secure electronic data storage devices.

It is another object of the present invention to forensically secure electronic storage devices by preventing data maintenance routines and/or data write requests from modifying data images of electronic storage devices during one or more forensic analyses.

It is another object of the present invention to provide corresponding methods of forensically securing an electronic data storage device.

In an exemplary embodiment, the present invention can include a device controller interfaced between an electronic processing device and an electronic data storage device.

In an exemplary aspect, a device controller can include at least one processor communicatively connected to at least one computer memory having stored therein a maintenance list including at least one maintenance routine entry.

In another exemplary aspect, in response to a forensic mode request received from an electronic processing device, the at least one processor can transition the device controller to a forensic mode that disables execution of the at least one maintenance routine and execution of any write requests received involving the storage device.

In another exemplary embodiment, a device controller can receive a subsequent forensic mode request from the electronic processing device or another device, and in response to such receipt, the at least one processor can transition the device controller from the forensic mode to a free mode, which enables execution of the at least one maintenance routine and any write requests involving the storage device.

In another exemplary embodiment, the at least one memory can have further stored therein at least one authentication routine, a forensic mode request (an initial or any subsequent forensic mode requests) can include authentication data, and the at least one processor can transition the device controller to the forensic and/or a free mode based, at least in part, on authentication of the forensic mode request via the authentication data and one of the at least one authentication routine.

In additional exemplary embodiments, the present invention provides corresponding methods of forensically securing an electronic data storage device.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates an exemplary embodiment of the present invention, in which a device controller interfaced between an electronic processing device and an electronic data storage device can include at least one processor communicatively connected to at least one computer memory.

FIG. 2 illustrates an exemplary computer memory having stored therein a maintenance routine list including at least one maintenance routine entry, an optional authentication routine list including at least one authentication routine, and an optional forensic mode flag.

FIG. 3 illustrates an exemplary method according to the present invention, with the method including steps of receiving a forensic mode request, transitioning the device controller to a forensic mode state, and disabling execution of a maintenance routine and any write requests involving a storage device.

FIG. 4 illustrates a modified transitioning step that includes authenticating a forensic mode request as a condition to transitioning.

FIG. 5 illustrates additional method steps including receiving a subsequent forensic mode request and returning the device controller from the forensic mode to a free mode.

FIG. 6 illustrates a modified returning step that includes authenticating a subsequent forensic mode request as a condition to returning.

DETAILED DESCRIPTION

It should be noted that this disclosure includes a plurality of embodiments, each having a plurality of elements, steps, and/or aspects, and such elements, steps, and/or aspects need not necessarily be interpreted as being conjunctively required by one or more embodiments of the present invention. Rather, all combinations of all elements, steps, and/or aspects described herein can enable a separate embodiment of the present invention, which may be claimed with particularity in the present or one or more future filed Non-Provisional Patent Applications. Moreover, any particular structure, arrangement, step, and/or functional logic disclosed herein, whether expressly or implicitly, are to be construed strictly as illustrative and enabling, and not necessarily limiting. Therefore, it is expressly set forth that such structure, step, arrangement, and functional logic, independently or in any combination thereof, are merely illustratively representative of one or more elements, steps, and/or aspects of one or more embodiments of the present invention and are not to be construed as necessary in a strict sense.

Further, to the extent the same element, step, or aspect is defined differently anywhere within this disclosure, whether expressly or implicitly, or individually or in combination with any other element, step, or aspect, the broader definition is to take absolute precedence, with the distinctions encompassed by the narrower definition to be strictly construed as optional.

Moreover, required hardware elements for each embodiment described herein are to be perceived in a minimalistic manner. Accordingly, one of ordinary skill in the art is directed to interpret the required hardware for each embodiment as the minimum hardware elements required to effectuate each embodiment, with any additional hardware illustratively shown and/or described conjunctively herein as being strictly optional for that respective embodiment.

Illustratively, perceived benefits of the present invention can include functional utility, whether expressly or implicitly stated herein, or apparent herefrom. However, it is expressly set forth that these benefits are not intended as exclusive. Therefore, any explicit, implicit, or apparent benefit from the disclosure herein is expressly deemed as applicable to the present invention. Exemplary functional utility provided by a device controller disclosed herein includes enforcement of at least one feature of the security feature set described or incorporated herein, and can include any additional or alternative utility apparent herefrom.

The present invention can be embodied in a device controller and a method to forensically secure an electronic data storage device, such as a hard drive, a solid state drive, or any other type of computer storage device that stores data in a computer-accessible manner, for example and not in limitation.

As illustrated in FIG. 1, according to the present invention, a device controller 100 can be interfaced between an electronic processing device 10 (sometimes, “processing device”) and an electronic data storage device 20 (sometimes, “storage device”), with the device controller having at least one processor 110 (sometimes, “processor”) communicatively connected to at least one computer memory 120 (sometimes, “computer memory”).

In an exemplary aspect, device controller 100 can be provided as any direct or indirect interfacing device between electronic processing device 10 and storage device 20 desired, such as a host controller, a memory controller, or any other known or apparent implementation of a device controller functionally compatible herewith. Further, device controller 100 can be implemented with one or more of a proprietary wired or wireless data interface and a “standardized” wired or wireless data interface, such as a Serial Advanced Technology Attachment (“SATA”), Serial Attached Small Computer System Interface (“SAS”), Small Computer System Interface (“SCSI”), Peripheral Component Interconnect Express (“PCI Express”), Joint Test Action Group (“JTAG”), or Universal Serial Bus (“USB”) interface, for example and not in limitation, insofar as functionally compatible.

In another exemplary aspect, electronic processing device 10 can be provided as any one or more electrical devices (such as a personal or specialized computer or device, or any other functionally compatible device, for example and not in limitation) capable of sending a forensic mode request and/or a write request (discussed infra), as one or more electronic signals, to device controller 100; whilst storage device 20 can be provided as any one or more types of computer accessible data storage devices, such as, for example and not in limitation, a hard drive, a solid state device, an optical device, a RAM, an EPROM, etc.

In a further exemplary aspect, the present invention contemplates utilization of any type and number of processors 110 desired, insofar as functionally compatible with the present invention, including but not limited to, an Application-Specific Integrated Circuit (“ASIC”), a Field-Programmable Gate Array (“FPGA”), a general processor, etc., for example and not in limitation. Further, processing duties can be distributed across multiple processors 110 to the extent desired.

In still another exemplary aspect, the present invention contemplates utilization of any type and number of computer memories 120 desired, insofar as functionally compatible, including but not limited to, a random access memory, a read-only memory, a latch, a register, a sequential access memory, etc. Further, memory duties can be distributed across multiple computer memories 120 to the extent desired.

As further illustrated in FIG. 1, processing device 10 can send a forensic mode request 11, and optionally, a write request 12 that involves storage device 20. In exemplary aspects, forensic mode request 11 and write request 12 can be provided according to any one or more of a proprietary and a “standardized” data format. Notably, forensic mode request 11 can represent a TRUE, FALSE, or TOGGLE (between TRUE and FALSE) value, and optionally, can include authentication data 11.1, which can be embedded within, concatenated to, inherent from, or separate from the forensic mode request, for example and not in limitation. Moreover, authentication data 11.1 can be sent with or separate from forensic mode request 11. Also notably, the present invention additionally includes forensic mode request 11 and a write request being received from different processing devices 10.

As illustrated in FIG. 2, computer memory 120 can have stored therein a maintenance routine list 121 including at least one maintenance routine entry 122; an optional authentication routine list 123 including at least one optional authentication routine 124; and an optional forensic mode flag 125.

In an exemplary aspect, a maintenance routine entry 122 can represent a data maintenance routine that provides a memory management function for storage device 20, such as garbage collection, defragmentation, etc., for example and not in limitation, and further, can be executed according to a schedule or logical state or condition.

In another exemplary aspect, an optional authentication routine 124 can include any one or more known or apparent authentication techniques, which can be used to limit use of forensic mode requests 11 to authorized entities, and can be used in conjunction with authentication data 11.1, which as noted above can be a data instance separate from a forensic mode request or can be inherent in the request itself (e.g., based on the data and/or sending format thereof, for example and not in limitation). In a further exemplary embodiment, an authentication routine 124 can authenticate a forensic mode request 11 if the authentication data 11.1 or a derivative thereof (e.g., a hash value) matches or conforms to a known value or schema in accordance with an authentication routine. For example and not in limitation, any one or more of a clear instance or cryptographic derivative of authentication data 11.1 can be evaluated in accordance with an authentication routine 124 to authenticate the forensic mode request 11.

Moreover, a single authentication routine 124 can be applied generally to any forensic mode request 11, or can be applied to specific types of forensic mode requests (e.g., ones representing TRUE, FALSE, or TOGGLE, for example and not in limitation). Accordingly, in the latter case, multiple routines 124 can be provided.

In still another exemplary aspect, optional forensic mode flag 125 can be used to represent whether device controller 100 is in a forensic mode (TRUE) or a free mode (FALSE). Notably, forensic mode flag 125 can be provided as a separate data instance; or can be provided as a modified version of a pre-existing data instance, such as flipping or otherwise modifying one or more bits of one or more maintenance routines 122, which can respectively represent either TRUE or FALSE.

FIG. 3 illustrates an exemplary method according to the present invention, which can include steps of receiving by processor 110 forensic mode request 11 from electronic processing device 10 (step 200); in response to such receiving, transitioning, by the processor, device controller 100 to a forensic mode state 125 (step 300); and in response to such transitioning, disabling execution by the processor of maintenance routine 122. In an exemplary aspect, with the step of transitioning (step 300), processor 110 can assign the value TRUE to forensic mode flag 125. Accordingly, due to such a TRUE value, processor 110 can logically know not to execute maintenance routine 122 and/or any write requests 12 involving storage device 20.

FIG. 4 illustrates another exemplary transitioning step (step 300.1) that includes authenticating forensic mode request 11 via authentication data 11.1 and an authentication routine 124. Notably, in this example, as described above with respect to FIG. 1, computer memory 120 has further stored therein at least one authentication routine 124, and forensic mode request 11 includes authentication data 11.1. Accordingly, in this embodiment, transitioning 300.1 can be conditioned upon authentication of forensic mode request 11.

FIG. 5 illustrates additional exemplary steps of a method according to the present invention, with such a method further including receiving a subsequent forensic mode request 11 (step 500), and returning, by processor 110, device controller 100 from the forensic mode to a free mode (step 600), in which case forensic mode flag 125 can be assigned the value FALSE so as to allow the processor to execute maintenance routine 122 and/or any write requests 12. Notably, any two forensic mode requests 11 can be identical or different data instances to the extent desired.

FIG. 6 illustrates another exemplary returning step (step 600.1) that includes authenticating a subsequent forensic mode request 11 via subsequent authentication data 11.1 and an authentication routine 124. Notably, in this example, as described above with respect to FIG. 1, computer memory 120 has further stored therein at least one authentication routine 124, and forensic mode request 11 includes authentication data 11.1. Accordingly, in this embodiment, returning 300.1 can be conditioned upon authentication of the subsequent forensic mode request 11. Notably, the present invention contemplates authentication as a condition to effectuation of an initial, a subsequent, plural, or all forensic mode requests 11.
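The flow of FIGS. 3 through 6 can be modelled as a small state machine; the following C sketch is an added illustration, not code from this disclosure or its inventors. All identifiers, the tokens, the in-memory "media" array and the toy garbage-collection routine are constructed assumptions; authentication uses the "clear instance" comparison option, and a TOGGLE request is resolved to its target mode before a routine is chosen, so a credential accepted for entering forensic mode cannot be used to leave it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEDIA_SIZE 16
#define MAX_MAINT 4
typedef enum { REQ_TRUE, REQ_FALSE, REQ_TOGGLE } req_kind;  /* values of request 11 */
typedef bool (*auth_fn)(const uint8_t *data, size_t len);   /* authentication routine 124 */
typedef void (*maint_fn)(uint8_t *media, size_t len);       /* maintenance routine entry 122 */

typedef struct {
    bool forensic;               /* forensic mode flag 125: true = forensic, false = free */
    auth_fn auth_enter;          /* checks requests that enter forensic mode (NULL = none) */
    auth_fn auth_leave;          /* checks requests that return to free mode (NULL = none) */
    maint_fn maint[MAX_MAINT];   /* maintenance routine list 121 */
    size_t n_maint;
    uint8_t media[MEDIA_SIZE];   /* hypothetical stand-in for storage device 20 */
} controller;

/* Compare without an early exit so timing does not reveal the first mismatching byte. */
static bool ct_equal(const uint8_t *a, size_t alen, const uint8_t *b, size_t blen) {
    uint8_t diff = (uint8_t)(alen != blen);
    size_t n = alen < blen ? alen : blen;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Constructed credentials; a real controller would hold provisioned secrets. */
static const uint8_t ENTER_TOKEN[] = "constructed-enter";
static const uint8_t LEAVE_TOKEN[] = "constructed-leave";
bool auth_enter_token(const uint8_t *d, size_t n) { return ct_equal(d, n, ENTER_TOKEN, sizeof ENTER_TOKEN - 1); }
bool auth_leave_token(const uint8_t *d, size_t n) { return ct_equal(d, n, LEAVE_TOKEN, sizeof LEAVE_TOKEN - 1); }

/* Toy garbage collection: reclaims cells marked stale (0xFF) by zeroing them. */
void gc_stale(uint8_t *media, size_t len) {
    for (size_t i = 0; i < len; i++)
        if (media[i] == 0xFF) media[i] = 0x00;
}

/* Steps 200/300.1 and 500/600.1: resolve the target mode, authenticate, set the flag.
 * A failed authentication leaves the current mode untouched. */
bool controller_request(controller *c, req_kind kind, const uint8_t *auth, size_t auth_len) {
    bool target = (kind == REQ_TOGGLE) ? !c->forensic : (kind == REQ_TRUE);
    auth_fn check = target ? c->auth_enter : c->auth_leave;
    if (check != NULL && !check(auth, auth_len))
        return false;
    c->forensic = target;
    return true;
}

/* Write request 12: refused outright while the flag is set. */
int controller_write(controller *c, size_t off, const uint8_t *buf, size_t len) {
    if (c->forensic) return -1;                                 /* forensic mode */
    if (off > MEDIA_SIZE || len > MEDIA_SIZE - off) return -2;  /* out of range */
    memcpy(c->media + off, buf, len);
    return 0;
}

/* Scheduler tick: runs every listed routine in free mode, none in forensic mode. */
size_t controller_maintenance_tick(controller *c) {
    if (c->forensic) return 0;
    for (size_t i = 0; i < c->n_maint; i++)
        c->maint[i](c->media, MEDIA_SIZE);
    return c->n_maint;
}

/* Constructed image: live data plus two stale cells a GC pass would erase. */
void controller_init(controller *c) {
    static const uint8_t image[MEDIA_SIZE] = { 'e','v','i','d', 0xFF, 0xFF, 'l','o','g' };
    memset(c, 0, sizeof *c);
    memcpy(c->media, image, MEDIA_SIZE);
    c->auth_enter = auth_enter_token;
    c->auth_leave = auth_leave_token;
    c->maint[c->n_maint++] = gc_stale;
}

int main(void) {
    controller c;
    controller_init(&c);
    bool ok = controller_request(&c, REQ_TRUE, ENTER_TOKEN, sizeof ENTER_TOKEN - 1);
    int w = controller_write(&c, 0, (const uint8_t *)"x", 1);
    printf("entered=%d write=%d maint_run=%zu\n", ok, w, controller_maintenance_tick(&c));
    return 0;
}
```

In the constructed image the two stale cells survive for as long as the flag is set and are zeroed on the first maintenance tick after an authenticated return to free mode.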

It will be apparent to one of ordinary skill in the art that the manner of making and using the claimed invention has been adequately disclosed in the above-written and attached description of the exemplary embodiments and aspects of the present invention.

It should be understood, however, that the invention is not necessarily limited to the specific embodiments, aspects, arrangement, steps, and components shown and described above, but may be susceptible to numerous variations within the scope of the invention. For example and not in limitation, the various logic aspects of the present invention can be implemented in any one or more of software, firmware, and hardwired logic circuitry, and additionally, processing and memory aspects can be distributed or centralized to any desired degree consistent with the present invention.

Therefore, the specification and drawings are to be regarded in an illustrative and enabling, rather than a restrictive, sense.

Accordingly, it will be understood that the above description of the embodiments of the present invention is susceptible to various modifications, changes, and adaptations, and the same are intended to be comprehended within the meaning and range of equivalents apparent to one of ordinary skill in the art.

Therefore, we claim:
 1. A device controller interfaced between an electronic processing device and an electronic data storage device, said controller comprising: at least one processor communicatively connected to at least one computer memory having stored therein a maintenance list including at least one maintenance routine entry; wherein in response to a particular forensic mode request received from the electronic processing device, said at least one processor transitions the device controller to a forensic mode that disables execution of the at least one maintenance routine and execution of a write request involving the storage device.
 2. The device controller of claim 1, wherein the at least one memory has further stored therein at least one authentication routine, the particular forensic mode request includes particular authentication data, and said at least one processor transitions the device controller to the forensic mode based, at least in part, on authentication of the particular forensic mode request via the particular authentication data and a particular one of the at least one authentication routine.
 3. The device controller of claim 1, wherein in response to a subsequent forensic mode request received from one of the electronic processing device and another processing device, said at least one processor transitions the device controller from the forensic mode to a free mode that enables execution of the at least one maintenance routine and execution of the write request involving the storage device.
 4. The device controller of claim 3, wherein the at least one memory has further stored therein at least one authentication routine, the particular forensic mode request includes particular authentication data, and said at least one processor transitions the device controller to the forensic mode based, at least in part, on authentication of the particular forensic mode request via the particular authentication data and a particular one of the at least one authentication routine.
 5. The device controller of claim 4, wherein the subsequent forensic mode request includes subsequent authentication data, and said at least one processor transitions the device controller from the forensic mode to the free mode based, at least in part, on authentication of the subsequent forensic mode request via the subsequent authentication data and one of the particular one of the at least one authentication routine and another of the at least one authentication routine.
 6. The device controller of claim 3, wherein the at least one memory has further stored therein at least one authentication routine, the subsequent forensic mode request includes authentication data, and said at least one processor transitions the device controller from the forensic mode to the free mode based, at least in part, on authentication of the subsequent forensic mode request via the authentication data and one of the at least one authentication routine.
 7. The device controller of claim 3, wherein the particular forensic mode request and the subsequent forensic mode request are identical data instances.
 8. The device controller of claim 7, wherein the at least one memory has further stored therein at least one authentication routine, the forensic mode request includes particular authentication data, and said at least one processor transitions the device controller to the forensic mode based, at least in part, on authentication of the particular forensic mode request via the particular authentication data and a particular one of the at least one authentication routine.
 9. The device controller of claim 8, wherein the subsequent forensic mode request includes subsequent authentication data, and said at least one processor transitions the device controller from the forensic mode to the free mode based, at least in part, on authentication of the subsequent forensic mode request via the subsequent authentication data and one of the particular one of the at least one authentication routine and another of the at least one authentication routine.
 10. The device controller of claim 7, wherein the at least one memory has further stored therein at least one authentication routine, the subsequent forensic mode request includes authentication data, and said at least one processor transitions the device controller from the forensic mode to the free mode based, at least in part, on authentication of the subsequent forensic mode request via the authentication data and one of the at least one authentication routine.
 11. The device controller of claim 3, wherein the particular forensic mode request and the subsequent forensic mode request are different data instances.
 12. The device controller of claim 11, wherein the at least one memory has further stored therein at least one authentication routine, the forensic mode request includes particular authentication data, and said at least one processor transitions the device controller to the forensic mode based, at least in part, on authentication of the particular forensic mode request via the particular authentication data and a particular one of the at least one authentication routine.
 13. The device controller of claim 12, wherein the subsequent forensic mode request includes subsequent authentication data, and said at least one processor transitions the device controller from the forensic mode to the free mode based, at least in part, on authentication of the subsequent forensic mode request via the subsequent authentication data and one of the particular one of the at least one authentication routine and another of the at least one authentication routine.
 14. The device controller of claim 11, wherein the at least one memory has further stored therein at least one authentication routine, the subsequent forensic mode request includes authentication data, and said at least one processor transitions the device controller from the forensic mode to the free mode based, at least in part, on authentication of the subsequent forensic mode request via the authentication data and one of the at least one authentication routine.
 15. In a system comprising a device controller interfaced between an electronic processing device and an electronic data storage device, with the device having at least one processor communicatively connected to at least one computer memory having stored therein a maintenance list including at least one maintenance routine entry, a method of forensically securing the storage device, comprising: receiving, by the at least one processor, a particular forensic mode request from the electronic processing device; in response to said step of receiving, transitioning the device controller to a forensic mode; and in response to said step of transitioning, disabling execution by the at least one processor of the at least one maintenance routine and of a write request involving the storage device.
 16. The method of claim 15, wherein the at least one memory has further stored therein at least one authentication routine, the forensic mode request includes particular authentication data, and said step of transitioning includes authenticating the particular forensic mode request via the particular authentication data and a particular one of the at least one authentication routine.
 17. The method of claim 15, further comprising: receiving a subsequent forensic mode request from one of the electronic processing device and another processing device; and returning, by the at least one processor, the device controller from the forensic mode to a free mode in which execution of the at least one maintenance routine and execution of the write request involving the storage device are enabled.
 18. The method of claim 17, wherein the at least one memory has further stored therein at least one authentication routine, the forensic mode request includes particular authentication data, and said step of transitioning includes authenticating the particular forensic mode request via the particular authentication data and a particular one of the at least one authentication routine.
 19. The method of claim 18, wherein the subsequent forensic mode request includes subsequent authentication data, and said step of returning includes authenticating the subsequent forensic mode request via the subsequent authentication data and one of the particular one of the at least one authentication routine and another of the at least one authentication routine.
 20. The method of claim 17, wherein the at least one memory has further stored therein at least one authentication routine, the subsequent forensic mode request includes authentication data, and said step of returning includes authenticating the subsequent forensic mode request via the authentication data and one of the at least one authentication routine.
 21. The method of claim 17, wherein the particular forensic mode request and the subsequent forensic mode request are the same.
 22. The method of claim 21, wherein the at least one memory has further stored therein at least one authentication routine, the forensic mode request includes particular authentication data, and said step of transitioning includes authenticating the particular forensic mode request via the particular authentication data and a particular one of the at least one authentication routine.
 23. The method of claim 22, wherein the subsequent forensic mode request includes subsequent authentication data, and said step of returning includes authenticating the subsequent forensic mode request via the subsequent authentication data and one of the particular one of the at least one authentication routine and another of the at least one authentication routine.
 24. The method of claim 21, wherein the at least one memory has further stored therein at least one authentication routine, the subsequent forensic mode request includes authentication data, and said step of returning includes authenticating the subsequent forensic mode request via the authentication data and one of the at least one authentication routine.
 25. The method of claim 17, wherein the particular forensic mode request and the subsequent forensic mode request are different.
 26. The method of claim 25, wherein the at least one memory has further stored therein at least one authentication routine, the forensic mode request includes particular authentication data, and said step of transitioning includes authenticating the particular forensic mode request via the particular authentication data and a particular one of the at least one authentication routine.
 27. The method of claim 26, wherein the subsequent forensic mode request includes subsequent authentication data, and said step of returning includes authenticating the subsequent forensic mode request via the subsequent authentication data and one of the particular one of the at least one authentication routine and another of the at least one authentication routine.
 28. The method of claim 25, wherein the at least one memory has further stored therein at least one authentication routine, the subsequent forensic mode request includes authentication data, and said step of returning includes authenticating the subsequent forensic mode request via the authentication data and one of the at least one authentication routine. 